Database Reference
Security Management
The ILOM allows account management and integration with a variety of popular authentication protocols. Discussing
them all in detail would be out of the scope of this topic. We will look at Active Directory integration as part of this
section and also discuss how to manage users locally.
Local Account Management
The ILOM provides a secure way to authenticate and perform day-to-day functions via locally authenticated
accounts. This is the default authentication method to get access to an ILOM. ILOM account management allows an
administrator to provision accounts for a variety of functions. Table 2-4 lists all the roles that are available to users.
Table 2-4. Roles Available for ILOM Authentication

Role            Description
a (Admin)       Complete admin privileges
u (User)        Provides access to allow creation and deletion of users and to configure authentication services
c (Console)     Access to console functions that allow for BIOS updates
r (Reset)       Allows control of the host power, as well as power cycling the SP
o (Read Only)   Allows read-only access to logs and environmental information
Based on the role selected (Administrator, Operator, Advanced Roles), various privileges are given to the user.
Users can be created via the ILOM GUI or via the command line.
Figure 2-4 and the preceding command-line example show some of the various means that can be used to add
a user to the ILOM for local authentication. The roles and privilege assignment, as well as user deletion, can also be
done via the GUI or the command line, depending on your comfort level.
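Once local accounts exist, their role letters from Table 2-4 can be checked against an approved baseline. The script below is an added example, not code from the original text or from Oracle; the `show /SP/users/<name>` output layout, the account names and the baseline are constructed assumptions, and role values are assumed to be stored in letter form.

```python
import re

# Role letters as listed in Table 2-4.
ROLE_LETTERS = {"a": "Admin", "u": "User", "c": "Console", "r": "Reset", "o": "Read Only"}
KNOWN = set(ROLE_LETTERS)
# Per Table 2-4: full admin rights, or the right to create/delete users.
SENSITIVE = {"a", "u"}

# Constructed sample: trimmed `show /SP/users/<name>` output (layout assumed).
SAMPLE = """\
 /SP/users/root
    Properties:
        role = aucro
 /SP/users/monitor
    Properties:
        role = o
 /SP/users/dbops
    Properties:
        role = aucro
 /SP/users/oldtool
    Properties:
        role = xo
"""

def parse_users(text):
    """Return {username: role string} from show-style output."""
    users, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*/SP/users/(\S+)\s*$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*role\s*=\s*(\S*)\s*$", line)
        if m and current:
            users[current] = m.group(1)
    return users

def audit(text, approved):
    """Report accounts whose role letters exceed the approved baseline.

    approved maps username -> allowed letters; unlisted accounts get none.
    """
    findings = {}
    for user, roles in parse_users(text).items():
        letters = set(roles)
        unknown = letters - KNOWN
        excess = (letters & KNOWN) - set(approved.get(user, ""))
        if unknown or excess:
            findings[user] = {"excess": sorted(excess), "unknown": sorted(unknown),
                              "sensitive": bool(excess & SENSITIVE)}
    return findings
```

Calling `audit(SAMPLE, {"root": "aucro", "monitor": "o", "dbops": "cro"})` reports `dbops` for holding `a` and `u` beyond its baseline, and `oldtool` as an account that is not in the baseline at all.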
 
 